search

aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0
4.65k stars 578 forks source link

kube-hunter v0.6.7: "Configuration is not initialized" when running kube-hunter in container #502

Closed iElephant closed 2 years ago

iElephant commented 2 years ago

What happened

Trying to run the latest docker image (v0.6.7) and get the "Configuration is not initialized" error:

docker run --rm -it aquasec/kube-hunter
Traceback (most recent call last):
  File "/usr/local/bin/kube-hunter", line 5, in <module>
    from kube_hunter.__main__ import main
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/__main__.py", line 14, in <module>
    pm = initialize_plugin_manager()
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/plugins/__init__.py", line 16, in initialize_plugin_manager
    pm.load_setuptools_entrypoints("kube_hunter")
  File "/usr/local/lib/python3.8/site-packages/pluggy/_manager.py", line 287, in load_setuptools_entrypoints
    plugin = ep.load()
  File "/usr/local/lib/python3.8/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/local/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "/usr/local/lib/python3.8/site-packages/kube_hunter_dns_spoof.py", line 4, in <module>
    from kube_hunter.core.events.types import Event, Vulnerability
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/__init__.py", line 3, in <module>
    from . import events
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/events/__init__.py", line 2, in <module>
    from .handler import EventQueue, handler
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/core/events/handler.py", line 369, in <module>
    config = get_config()
  File "/usr/local/lib/python3.8/site-packages/kube_hunter/conf/__init__.py", line 60, in get_config
    raise ValueError("Configuration is not initialized")
ValueError: Configuration is not initialized

The previous version works fine:

docker run --rm -it aquasec/kube-hunter:0.6.5
Choose one of the options below:
1. Remote scanning      (scans one or more specific IPs or DNS names)
2. Interface scanning   (scans subnets on all local network interfaces)
3. IP range scanning    (scans a given IP range)
Your choice:

Expected behavior

The kube-hunter should run in docker containers.

mac-chaffee commented 2 years ago

Looks like this commit is the culprit since the CI checks failed with the same error: https://github.com/aquasecurity/kube-hunter/commit/6c4ad4f6fd645816dd4468db22307b092516cd76

danielsagi commented 2 years ago

Thanks for commenting about this. Seems like the image tag was not updated correctly. This was fixed shortly after In the main branch. In the meantime you can use the previous version, I will override the tag with the fixed version!

danielsagi commented 2 years ago

Hi this is fixed now. v0.6.8 is now stable

Take a look at #506 for more details